A firm providing virtual mental health services for children is the latest victim of the widespread ransomware onslaught tied to Fortra, whose effects have now spread even further.
In a data breach notice filed with the Maine attorney general's office, the American healthcare behemoth Blue Shield of California confirmed that data from one of its providers, Brightline, that was housed in its GoAnywhere file transfer platform had been taken.
Last week, threat analysts identified Brightline, which offers online coaching and therapy for kids, as a potential victim of the mass breach.
The breach notification verified that hackers—perhaps members of the Russia-linked Clop ransomware gang who claimed to have infiltrated over a hundred businesses via an unreported security flaw—accessed and possibly exfiltrated the personal information of over 63,000 patients.
The group has announced that they will release the data taken from Brightline "soon" on Clop's dark web leak site, which they use to expose the stolen material absent payment of a ransom.
Brightline has not yet publicly acknowledged the breach on its website or on social media. John O'Connor, a representative for Brightline, declined to comment in response to TechCrunch's inquiries, although he did not deny that the hack affects 63,000 people. The number of young Brightline customers who are impacted is unknown.
According to Blue Shield's breach report, patient names, addresses, dates of birth, gender, Blue Shield subscriber ID numbers, phone numbers, e-mail addresses, plan names, and plan group numbers were all compromised.
Brightline, however, is not the only healthcare provider among the 130 firms affected by the Clop group. US Wellness, a provider of corporate health and wellness initiatives, also acknowledged that hackers had gained access to users' personal information, including names, addresses, dates of birth, and member ID numbers.
Because of the severity of the Fortra vulnerability's effects on healthcare institutions, the U.S. government's health sector cybersecurity coordination centre, or HC3, issued a warning in February to help companies prepare for Clop's attacks.
The City of Toronto, Investissement Québec, and Virgin Red are among the ever-expanding list of victims the group is known to have targeted outside of healthcare institutions.
Virgin Red was contacted by Clop and, according to Jodie Burton, learnt that hackers had "illegally gotten some Virgin Red files via a cyber-attack on our provider, GoAnywhere." Although Fortra had promised them that their data was secure, TechCrunch has heard from other victims who, like them, only discovered that data had been taken after receiving a ransom demand.